EP3707669A1 - Procédé d'obtention d'une identité numérique de niveau de sécurité élevé - Google Patents
Procédé d'obtention d'une identité numérique de niveau de sécurité élevéInfo
- Publication number
- EP3707669A1 EP3707669A1 EP18814669.0A EP18814669A EP3707669A1 EP 3707669 A1 EP3707669 A1 EP 3707669A1 EP 18814669 A EP18814669 A EP 18814669A EP 3707669 A1 EP3707669 A1 EP 3707669A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- citizen
- digital
- identity
- digital identity
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/26—Government or public services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/006—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
Definitions
- the invention relates to a method for obtaining a digital identity of substantial or high security level (regalian level), suitable for use by citizens in particular to identify with the police, but also in all types of security. face-to-face or online services to ensure the reliable identification of those who use these services.
- regalian level substantial or high security level
- the problem posed by the dematerialization of a regal document to a smartphone is to be able to ensure the authenticity of the digital document presented and data contained (surname, first name, date and place of birth, biometric data, ).
- biometric data characteristic of the wearer of the corresponding royal identity document identity photo, characteristics of the imprint, characteristics of the iris;
- the document cited above does not solve several disadvantages.
- being a smart card document it does not link to a device worn more often by users, such as a smartphone or other portable electronic object, such as a tablet or a smart watch .
- Goals of the invention A general object of the invention is therefore to provide a method for obtaining a digital identity of substantial or high security level, able to avoid the disadvantages of known methods.
- a more specific object of the invention is to propose a method for creating a digital identity of substantial or high level, equivalent to the regal title in its ability to authenticate the identity of a person and effective to fight against identity fraud, and in any case, a higher level of security than the security of digital identification processes commonly used on the internet.
- Another object of the invention is to provide a method of creating a strong digital identity using as support a portable device usual users, such as a mobile phone with a screen.
- the principle of the present invention is to create a digital original of a regal title, namely a digital identity constructed from a regal physical title (national identity card, passport, ...), and to make this digital identity available on mobile electronic devices, such as citizens' smartphones or other portable electronic devices provided with a display screen, for use in the context of the physical identification of the wearer, or its electronic identification for the conduct of online transactions.
- the invention therefore relates to a method for creating and making available to a citizen a digital identity, said citizen having previously transmitted personal identity information to a regal service capable of verifying this personal information and to transmitting them securely to an industrial production site approved by a State for the production of physical identity documents, characterized in that it comprises steps of:
- said digital photograph is a high definition photograph.
- Said portable electronic device provided with a display screen is advantageously a smartphone, an electronic tablet, or a connected watch, without this list being exhaustive.
- the QR codes are either stored in a secure database or recalculated on demand from the personal information of the requester.
- the digital identity comprises in addition to a digital photograph of the physical regal title, information administrative (name, size, gender, address, ...) and / or biometric of the citizen, coded in the QR Code (s).
- the biometric information is for example constituted by a coding of the fingerprints of the citizen, a coding of the iris, and / or a photograph of identity of the citizen, without this list being exhaustive.
- the digital identity of the citizen thus obtained is stored in a secure database, with the administrative and / or biometric data of the citizen that have made it possible to produce the associated physical title and the own data.
- the physical title (unique number, date of issue, ).
- the database can be managed by an authorized industrialist for the production of royal identity documents, with access authorization by the regal service responsible for the management of requests for digital identity, or managed directly by a State.
- the stored digital identities are encrypted with an encryption key specific to the police, so that only law enforcement agents equipped with terminals equipped with a QR Code reader and a security key. adequate decryption can decrypt and read this data.
- the invention also relates to the use of a digital identity for the identification by the police of a citizen provided with a portable terminal such as a smartphone in which is stored the digital identity under form encoded by a set of QR Code (s), characterized in that it comprises steps of:
- QR Codes reader terminal For the law enforcement officer, read the displayed QR codes using a QR Codes reader terminal and decipher the QR codes using a decryption application and a decryption key capable of extracting displayed QR codes, citizen identification information (photography, administrative information, biometric information).
- FIG. 1 is a diagram representing the stages of preparation of a digital identity following a request for a sovereign status by a citizen;
- FIG. 2 is a diagram showing the steps for activating a digital identity obtained as described with reference to FIG. 1;
- FIG. 3 is a diagram showing the steps implemented in the context of an example of use of a digital identity obtained by the method according to the invention.
- the State-approved manufacturer Upon receipt of the production request from the representative of the State concerned, the State-approved manufacturer starts the manufacture of the security based on data securely transmitted by the State entity. 4- The manufactured title is sent by the manufacturer to the representative of the requesting State (for example the Town Hall of the citizen's domicile).
- the State Agent verifies that he is the initial applicant for the title, for example by comparing the fingerprints of the person who withdraws the title, with those encoded in the title. This comparison is made by means of a fingerprint sensor to obtain the fingerprints of the applicant, and a fingerprint analysis software that can indicate whether the fingerprints presented by the requestor match those stored in the memory of the analysis device. .
- the citizen does not always have the physical identity document with him, which does not allow him to identify himself.
- the physical identity document does not allow him to identify himself online, especially for secure transactions on the internet.
- a digital identity is constructed in the wake of the production of a physical identity document, and securely delivered to the applicant of the physical title.
- the steps of this process are shown schematically in FIGS. 1 and 2.
- the citizen X asks for a new regal title from a representative of the State (for example a Town hall) by providing his administrative information required, namely surname, first name, date and place of birth, gender, email address, as well as a phone number where he can be contacted to tell him that his title is ready.
- the process of applying for a title is so far very close to that existing to date and recalled above. All data in the title application is stored in a database maintained by ANTS or an equivalent state agency.
- the citizen asks for a digital identity, in addition to the demand for a physical regal title.
- a verification of citizen information is done by a state entity (for example a Prefecture in France) before requesting the production of the title and digital identity.
- the request for the manufacturing of the physical title is transmitted to a manufacturer authorized by the State to produce the regal title.
- the authorized industrialist Upon receipt of the production request from the State entity, the authorized industrialist starts manufacturing the title from the data received.
- the manufacturer also creates a "double" digital title, which constitutes a digital identity of the applicant.
- This consists of a high-definition photograph of the physical title and a QR Code (possibly a biometric QR code such as that described in the document FR 2 987 454 A1) which embeds one or more coded information, for example a coding of the applicant's fingerprints, certain characteristics of his face, or a lower-definition identity photo obtained from high-definition photography.
- the digital identity thus obtained is then temporarily stored until the issuance of the title, in a secure database of the industrial, with the administrative and / or biometric data of the holder who have produced the title and data specific under title (unique number, date of issue, ).
- the digital identity can be recalculated on demand, based on the applicant's information (photograph of the physical title, fingerprints and other biometric and administrative information of the requester) stored in the secure databases.
- Stored or recalculated data can be encrypted with a specific encryption key to law enforcement so that only law enforcement agents with adequate terminals can decrypt and read that data.
- the information concerning the security (serial number, date of issue, etc.) is transmitted to a state entity, for example ANTS in France, to update its database of government securities.
- the physical title manufactured is then sent to the representative of the requesting State (Mairie).
- the City Council asks the industrialist the url link to activate the digital identity of the citizen X.
- the title is given to the citizen as well as a link url and a code of activation of his digital identity .
- the url link and the activation code can be delivered on paper or encoded in a QR code.
- the citizen uploads his digital identity containing his QR (s) Biometric code (s) using the link url received, activates in 10) its digital identity with the activation code it has received, and informs in 11) the entity that manages the digital identities. From there, the digital identity of the citizen is on his smartphone, and is exploitable to authenticate physically to the authorities, or online for substantial or strong identification with a government application or not.
- the applicant therefore has both a physical regal title, and a digital identity of high or substantial level modeled on the physical title.
- the agent verified that the digital title corresponded to the person who appeared before him, just as for the physical title.
- the applicant therefore has at this stage two "originals" of titles, one physical, the other digital.
- the method described above can be adapted for a Digital Identity request without producing a real title.
- the physical title photograph is not taken and is not included in the biometric QR codes, however the carrier's data is validated by the state.
- the activation code and the download link of the biometric QR codes are delivered by hand to the citizen when he withdraws his digital identity.
- a biometric QR Code is calculated from the data as previously described.
- the state agent When submitting the activation code to the citizen, the state agent verifies that he is the applicant (for example by comparison of fingerprints).
- the police officer approaches a portable control terminal equipped with a QR Code reader of the citizen's mobile phone, so that he can read and decode the QR Code displayed on the citizen's phone, and thus retrieve the biographical and biometric data of the citizen which are stored in the QR Code.
- This control operation is possible locally even with a QR Code reader not connected to a network, provided that the QR Code reader of the agent has the decryption key or keys corresponding to the one (s) which were used to encode the citizen's data in the QR Code of the smartphone.
- a user wishes to access an online service, for example an e-government service, an online banking or insurance service, etc., using his stored digital identity.
- an online service for example an e-government service, an online banking or insurance service, etc.
- his smartphone in his smartphone:
- the service's website displays an authentication request and indicates that it can identify itself using a digital identity provided by an identity provider of a sufficient level and approved by the service. online;
- a notification is then sent by the online service to the mobile application of the phone that manages the digital identity of the user, and the notification informs the user that a web service wants to access his data;
- the invention achieves the stated goals and has a number of advantages over known methods for obtaining a digital identity.
- the method according to the invention is easy to implement.
- the numerical title obtained by the process is strictly equal to the physical title, and has the same probative force.
- the solution proposed by the The invention integrates it into the regal procedure of civil status, with sworn agents and with reinforced means of control.
- the process according to the invention is also economically advantageous.
- the generalization of tools allowing the general public to safely prove their identity to the police or to an online service could create significant productivity gains, since behind the digital identity lies the indisputable identity of the digital identity owner, which is the foundation of digital trust and the growth of connected services.
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1701149A FR3073643B1 (fr) | 2017-11-10 | 2017-11-10 | Procede d'obtention d'une identite numerique de niveau de securite eleve |
PCT/FR2018/000244 WO2019092327A1 (fr) | 2017-11-10 | 2018-11-09 | Procédé d'obtention d'une identité numérique de niveau de sécurité élevé |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3707669A1 true EP3707669A1 (fr) | 2020-09-16 |
Family
ID=62017297
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18814669.0A Pending EP3707669A1 (fr) | 2017-11-10 | 2018-11-09 | Procédé d'obtention d'une identité numérique de niveau de sécurité élevé |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3707669A1 (fr) |
FR (1) | FR3073643B1 (fr) |
WO (1) | WO2019092327A1 (fr) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3112227A1 (fr) * | 2020-07-02 | 2022-01-07 | Alkan ERAYDIN | Appareil d’identification sécurisé d’un individu. |
CN112116362A (zh) * | 2020-09-11 | 2020-12-22 | 广东镭泰激光智能装备有限公司 | 一种适用于地摊产品的可追溯标记方法及装置 |
CN112258366A (zh) * | 2020-10-30 | 2021-01-22 | 湖南天湘和信息科技有限公司 | 一种基于数字底板城市治理系统 |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030023858A1 (en) * | 2001-07-26 | 2003-01-30 | International Business Machines Corporation | Method for secure e-passports and e-visas |
KR100960500B1 (ko) * | 2008-04-18 | 2010-06-01 | 주식회사 케이티 | 모바일 여권 발급 방법 및 시스템 |
FR2987464B1 (fr) | 2012-02-23 | 2015-08-21 | Thales Sa | Station d'acquisition de donnees permettant l'identification d'un demandeur |
JP5665783B2 (ja) | 2012-02-29 | 2015-02-04 | 株式会社東芝 | 中性子測定装置およびその測定方法 |
EP3174240A4 (fr) * | 2013-12-08 | 2018-06-27 | Mao Ye | Système de jeton numérique pour numérisation de support physique et optimisation de magasin physique |
KR101685161B1 (ko) * | 2015-12-24 | 2016-12-09 | 한미정 | 여권 정보 변환 장치 및 이를 이용한 변환 방법 |
-
2017
- 2017-11-10 FR FR1701149A patent/FR3073643B1/fr active Active
-
2018
- 2018-11-09 WO PCT/FR2018/000244 patent/WO2019092327A1/fr unknown
- 2018-11-09 EP EP18814669.0A patent/EP3707669A1/fr active Pending
Also Published As
Publication number | Publication date |
---|---|
FR3073643A1 (fr) | 2019-05-17 |
WO2019092327A1 (fr) | 2019-05-16 |
FR3073643B1 (fr) | 2021-03-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0763803B1 (fr) | Système de comptabilisation anonyme d'informations à des fins statistiques, notamment pour des opérations de vote électronique ou de relevés périodiques de consommation | |
EP2591463B1 (fr) | Système et procédé d'identification et d'enregistrement d'identité sécurisés | |
WO2003056750A2 (fr) | Systeme cryptographique de signature de groupe | |
EP3665600B1 (fr) | Procédé de signature électronique d'un document par une pluralité de signataires | |
WO1982002446A1 (fr) | Procede et dispositif de securite pour communication tripartite de donnees confidentielles | |
WO2006021661A2 (fr) | Procede d'authentification securisee pour la mise en œuvre de services sur un reseau de transmission de donnees | |
EP3690686A1 (fr) | Procédé d'authentification, serveur et dispositif électronique d'identité | |
EP1055203B1 (fr) | Protocole de controle d'acces entre une cle et une serrure electronique | |
WO2007012583A1 (fr) | Procede de controle de transactions securisees mettant en oeuvre un dispositif physique unique, dispositif physique, systeme, et programme d'ordinateur correspondants | |
EP3707669A1 (fr) | Procédé d'obtention d'une identité numérique de niveau de sécurité élevé | |
EP3742699B1 (fr) | Procédé d'authentification forte d'un individu | |
EP3731116B1 (fr) | Procédé d'authentification d'un document d'identité d'un individu et d'authentification dudit individu | |
EP3262553B1 (fr) | Procede de transaction sans support physique d'un identifiant de securite et sans jeton, securise par le decouplage structurel des identifiants personnels et de services | |
FR2834841A1 (fr) | Procede cryptographique de revocation a l'aide d'une carte a puce | |
FR3062499A1 (fr) | Procede de reduction de la taille d'une base de donnees repartie de type chaine de blocs, dispositif et programme correspondant | |
WO2009083527A1 (fr) | Procede et systeme pour authentifier des individus a partir de donnees biometriques | |
WO2003105096A2 (fr) | Procede de mise a jour de donnees sur une puce, notamment d'une c arte a puce | |
FR2913551A1 (fr) | Methode d'authentification mutuelle et recurrente sur internet. | |
EP3863219A1 (fr) | Procédé et dispositif d'évaluation de correspondance d'ensembles de données structurées protégées par le chiffrement | |
EP4099614A1 (fr) | Procédés d'enrolement de données pour vérifier l'authenticité d'une donnée de sécurité ou de verification de l'authenticité d'une donnée de securité | |
FR3021435A1 (fr) | Procede de diffusion d'une donnee a partir de documents identitaires | |
EP4193283A1 (fr) | Procede pour generer un document numerique securise stocke sur un terminal mobile et associe a une identite numerique | |
WO2022096841A1 (fr) | Procede d'authentification securise par le decouplage structurel des identifiants personnels et de services | |
FR3021434A1 (fr) | Procede de controle d'un document identitaire | |
WO2016166478A1 (fr) | Procédés de génération et de vérification d'une clé de sécurité d'une unité monétaire virtuelle |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20200604 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20211105 |